Author Posts

November 16, 2016 at 1:33 am

I am trying to import from our Exchange Server and so far have been unsuccessful.

My objecive is to utilized Exchange CMDLETS from Active Directory PS session where I can iterate through my AD OU tree and then edit AD email attributes by creating arrays with Exchange specific smdlets such as 'Get-Contacts'.

Specifics:
I am running this command from the Active Directory server
There is a clustered Exchange server enviornment where all Exchange servers are running on Windows 2012
Active Directory server and Exchange 2013 servers are on the same subnet, same domain.

From AD PowerShell Console, I am trying to import my Exchange server session. The credentials have been verified and correct, however when I run this, I receive this error. Since Exchange is running on Win2012, WinRm is already running and accepting commands. I also have the Trusted hosts on the Active Directory server set to '*' to trust all servers. I went over all possibilities but I don't see why this shouldn't work, unless there are components about Exchange Shell I do not understand.

$UserCredential = Get-Credential
 $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://mail.XXXX.com/powershell/ -Credential $UserCredential -Authentication Basic -AllowRedirection

OutPut

WARNING: Your connection has been redirected to the following URI: "https://mail.XXXX.com/PowerShell-LiveID?PSVersion=5.0.10586.117
 "
New-PSSession : [mail.XXXX.com] Connecting to remote server mail.techpro.com failed with the following error message : The WinRM 
client sent a request to an HTTP server and got a response saying the requested HTTP URL was not available. This is usually returned 
by a HTTP server that does not support the WS-Management protocol. For more information, see the about_Remote_Troubleshooting Help 
topic.At line:1 char:12
+ $Session = New-PSSession -ConfigurationName Microsoft.Exchange -Conne ...
+            ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [New-PSSession], PSRemotingTransportExce 
   ption
    + FullyQualifiedErrorId : URLNotAvailable,PSSessionOpenFailed

November 21, 2016 at 8:55 pm

There's potentially a bunch of stuff happening here. TrustedHosts ain't it, though, and you should remove the * setting as it's a terrible, horrible, bad, awful thing to have on a domain controller. Awful. This also likely has nothing to do with credentials, not with that error message.

First, because you're using a cluster, you're getting a redirect to the active node. That's fine. Have you verified that you can directly connect, via Remoting, to each of the cluster nodes? Using their host names, not a cluster name? Let's start with that.

November 22, 2016 at 6:20 pm

I can successfully remote to each Exchange DAG Member (Database Availability Group) from the Domain Controller which resides on the same Subnet as these Exchange boxes.

PS C:\Windows\system32> Enter-PSSession -ComputerName w12-dag-ex01 -Credential $credentials

[w12-dag-ex01]: PS C:\Users\administrator.TECHPRO\Documents> exit

PS C:\Windows\system32> Enter-PSSession -ComputerName w12-dag-ex02 -Credential $credentials

[w12-dag-ex02]: PS C:\Users\administrator.TECHPRO\Documents> exit

PS C:\Windows\system32> Enter-PSSession -ComputerName w12-dag-ex03 -Credential $credentials

[w12-dag-ex03]: PS C:\Users\administrator.TECHPRO\Documents> exit

PS C:\Windows\system32> Enter-PSSession -ComputerName w12-dag-ex04 -Credential $credentials

[w12-dag-ex04]: PS C:\Users\administrator.TECHPRO\Documents> exit

Main Objective:
To compose a script that will iterate through multiple Active Directory OU's and its users and perform checks and edit specific 'Contact' information (showinAddressbook) attributes within AD. Looping construct will be an ARRAY of business OU's, but will need to utilize Exchange cmdlets (one of which is 'Get-Contact'), hence why I need to be able to import Exchange session into my PowerShell session running on Active Directory server.

More Info:
Before your post, my research turned up a 'next action item' for me to try and resolve by running the "Exchange Management Troubleshooter" on the server to see if that turns up anything.
https://support.microsoft.com/en-us/kb/3063897

However, if you see an alternative direction, please let me know.

My 'experience' thus far has been a crash course line composed of Kindle PowerShell books, working with ISE, and a smattering of your YouTube Videos, so I might not be as of yet 'fluent' in the correct terms.

November 22, 2016 at 7:26 pm

Here's what I use to connect to 2010, but it should still work in 2013.

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://(fqdn)/PowerShell/ -Authentication Kerberos
Import-PSSession $Session

You only have to add credentials if not connecting as the current user.

November 22, 2016 at 8:31 pm

Minus the Kerberos authentication, that is exactly the same 'NEW-PSSession' command I did above in my first post. When I try to create a session and assign to a new variable, that is when it errors out.

Attempting the same with Kerberos shows me that Kerberos is not setup on our system to accept this kind of authentication.

S C:\Users\administrator.TECHPRO> $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://mail.XXXX.com/powershell/ -Credential $credential -Authentication Kerberos -AllowRedirection
New-PSSession : [mail.techpro.com] Connecting to remote server mail.XXXX.com failed with the following error message : WinRM 
cannot process the request. The following error occurred while using Kerberos authentication: The computer mail.techpro.com is 
unknown to Kerberos. Verify that the computer exists on the network, that the name provided is spelled correctly, and that the 
Kerberos configuration for accessing the computer is correct. The most common Kerberos configuration issue is that an SPN with the 
format HTTP/mail.techpro.com is not configured for the target. If Kerberos is not required, specify the Negotiate authentication 
mechanism and resubmit the operation. For more information, see the about_Remote_Troubleshooting Help topic.At line:1 char:12
+ $Session = New-PSSession -ConfigurationName Microsoft.Exchange -Conne ...
+            ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [New-PSSession], PSRemotingTransportExce 
   ption
    + FullyQualifiedErrorId : NetworkPathNotFound,PSSessionOpenFailed

November 22, 2016 at 8:37 pm

Try it with just http. From poking around in Google, there are some other things that have to be configured for https to work properly. Most of the https examples are for O365, where you have to connect over the Internet.

November 23, 2016 at 1:59 am

Tried it with basic and Kerberos authentication without 'https', still errored out. The last attempt I tried with 'https' and as you can see, the redirect is working in that instance so I suspect that this server only listens on that secure port.

PS C:\Windows\system32> $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://mail.XXXX.com/powershell/ -Credential $credential -Authentication Kerberos -AllowRedirection
New-PSSession : [mail.XXXX.com] Connecting to remote server mail.XXXX.com failed with the following error message : WinRM 
cannot process the request. The following error occurred while using Kerberos authentication: The computer mail.XXXX.com is 
unknown to Kerberos. Verify that the computer exists on the network, that the name provided is spelled correctly, and that the 
Kerberos configuration for accessing the computer is correct. The most common Kerberos configuration issue is that an SPN with the 
format HTTP/mail.XXXX.com is not configured for the target. If Kerberos is not required, specify the Negotiate authentication 
mechanism and resubmit the operation. For more information, see the about_Remote_Troubleshooting Help topic.
At line:1 char:12
+ $Session = New-PSSession -ConfigurationName Microsoft.Exchange -Conne ...
+            ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [New-PSSession], PSRemotingTransportExce 
   ption
    + FullyQualifiedErrorId : NetworkPathNotFound,PSSessionOpenFailed

PS C:\Windows\system32> $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://mail.XXXX.com/powershell/ -Credential $credential -Authentication Basic -AllowRedirection
New-PSSession : [mail.XXXX.com] Connecting to remote server mail.XXXX.com failed with the following error message : The WinRM 
client cannot process the request. Unencrypted traffic is currently disabled in the client configuration. Change the client 
configuration and try the request again. For more information, see the about_Remote_Troubleshooting Help topic.
At line:1 char:12
+ $Session = New-PSSession -ConfigurationName Microsoft.Exchange -Conne ...
+            ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [New-PSSession], PSRemotingTransportExce 
   ption
    + FullyQualifiedErrorId : -2144108322,PSSessionOpenFailed

PS C:\Windows\system32> $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://mail.XXXX.com/powershell/ -Credential $credential -Authentication Basic -AllowRedirection
WARNING: Your connection has been redirected to the following URI: "https://mail.XXXX.com/PowerShell-LiveID?PSVersion=5.0.10586.117
 "
New-PSSession : [mail.XXXX.com] Connecting to remote server mail.XXXX.com failed with the following error message : The WinRM 
client sent a request to an HTTP server and got a response saying the requested HTTP URL was not available. This is usually returned 
by a HTTP server that does not support the WS-Management protocol. For more information, see the about_Remote_Troubleshooting Help 
topic.
At line:1 char:12
+ $Session = New-PSSession -ConfigurationName Microsoft.Exchange -Conne ...
+            ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [New-PSSession], PSRemotingTransportExce 
   ption
    + FullyQualifiedErrorId : URLNotAvailable,PSSessionOpenFailed

November 24, 2016 at 2:42 pm

Hello,

Can you check the Authentication in IIS?

in IIS: servername\sites\your Exchange site\Powershell
Option: Authentication

What is here Enabled? On my server I see that "Windows Authentication" is Enabled.

Hope this helps

November 25, 2016 at 11:57 pm

Ah...
Windows Authentication is Disabled.

November 26, 2016 at 4:31 pm

I am getting negative feedback from my organization's staff as far as allowing Powershell windows authentication from within IIS on Exchange. I will have to to turn this capability on to see if this is my issue.

I will post if this is in fact the resolution.

November 28, 2016 at 12:43 am

I am going to consider this ticket 'resolved'.

The issue was adjusted the Powershell IIS authentication from Disabled to Enabled. After that, I was able to import an Exchange session.

Many thanks.